Further Important Notes

Finding a domain controller to query

If the specified LDAP path starts with "LDAP://" (or no prefix) a domain controller is searched (and used for further AD queries) using the following algorithm:

Server nameAction
Server nameSpecified DC is used

Probe domain controllers of current domain.

First connectable DC is used.

Comma separated list of server namesFirst connectable DC is used.

Finding a global catalog to query

If the LDAP path starts with "GC://" (or no prefix) a global catalog is used for further AD queries.


ADSync supports users from trusted subdomains. That means, groups may not only contain users from the main domain but also users from subdomains.


The only LDAP-implementation currently supported by ADSync is Microsoft's Active Directory (although ADSync theoretically synchronizes to any LDAP implementation).

No AD user name "ADMIN" will be synchronized to the DigaSystem (it is available and does not require an Action Right).

Reading Active Directory domain

AdSync read an Active Directory domain even if the hosting computed is not inside the domain.